Posts

District Attorneys Use Spying as Cover To Demand a Law Enforcement Back Door

In response to a question Senate Intelligence Committee Chair Richard Burr posed during his committee’s Global Threat hearing yesterday, Jim Comey admitted that “going dark” is “overwhelmingly … a problem that local law enforcement sees” as they try to prosecute even things as mundane as a car accident.

Burr: Can you, for the American people, set a percentage of how much of that is terrorism and how much of that fear is law enforcement and prosecutions that take place in every town in America every day?

Comey: Yeah I’d say this problem we call going dark, which as Director Clapper mentioned, is the growing use of encryption, both to lock devices when they sit there and to cover communications as they move over fiber optic cables is actually overwhelmingly affecting law enforcement. Because it affects cops and prosecutors and sheriffs and detectives trying to make murder cases, car accident cases, kidnapping cases, drug cases. It has an impact on our national security work, but overwhelmingly this is a problem that local law enforcement sees.

Much later in the hearing Burr — whose committee oversees the intelligence but not the law enforcement function of FBI, which functions are overseen by the Senate Judiciary Committee — returned to the issue of encryption. Indeed, he seemed to back Comey’s point — that local law enforcement is facing a bigger problem with encryption than intelligence agencies — by describing District Attorneys from big cities and small towns complaining to him about encryption.

I’ve had more District Attorneys come to me that I have the individuals at this table. The District Attorneys have come to me because they’re beginning to get to a situation where they can’t prosecute cases. This is town by town, city by city, county by county, and state by state. And it ranges from Cy Vance in New York to a rural town of 2,000 in North Carolina.

Of course, the needs and concerns of these District Attorneys are the Senate Judiciary Committee’s job to oversee, not Burr’s. But he managed to make it his issue by calling those local law enforcement officials “those who complete the complement of our intelligence community” in promising to take up the issue (though he did make clear he was not speaking for the committee in his determination on the issue).

One of the responsibilities of this committee is to make sure that those of you at at the table and those that comp — complete the complement of our intelligence community have the tools through how we authorize that you need. [sic]

Burr raised ISIS wannabes and earlier in the hearing Comey revealed the FBI still hadn’t been able to crack one of a number of phones owned by the perpetrators of the San Bernardino attack. And it is important for the FBI to understand whether the San Bernardino attack was directed by people in Saudi Arabia or Pakistan that Tashfeen Malik associated with before coming to this country planning to engage in Jihad.

But only an hour before Jim Comey got done explaining that the real urgency here is to investigate drug cases and car accident cases, not that terrorist attack.

The balance between security, intelligence collection, and law enforcement is going to look different if you’re weighing drug investigations against the personal privacy of millions than if you’re discussing terrorist communications, largely behind closed doors.

Yet Richard Burr is not above pretending this about terrorism when it’s really about local law enforcement.

The 18-Minute Gap

The FBI had a press conference today to ask for help filling in the last 18 minutes of the 4-hour gap between the time  San Bernardino killer Syed Rizwan Farook and his wife, Tashfeen Malik, shot up his holiday party and the time cops killed them in a shootout.

In the absence of any other evidence the couple worked with a more organized group, the FBI wants to make sure the couple didn’t do anything in that 18-minute window that would indicate some kind of cooperation.

[A]mid signs that the investigation is slowing down, they issued a public appeal for help from anyone who might have information on what the couple, Syed Rizwan Farook and Tashfeen Malik, did from 12:59 p.m. to 1:17 p.m. on Dec. 2, perhaps in the form of a witness sighting or an image by a stray surveillance camera.

[snip]

Officials said Mr. Farook left his home at 8:37 a.m. and arrived at the Inland Regional Center, where co-workers were attending a morning training session and a holiday party, at 8:47 a.m. They said he left at 10:37 a.m., leaving behind a knapsack filled with pipe bombs that were never detonated. He returned at 10:56 with Ms. Malik and opened fire, leaving 14 people dead and 22 injured.

From there, the couple went to Seccombe Lake, which is a short drive from the Inland Regional Center. F.B.I. divers searched the lake last month and found no items related to the investigation.

[snip]
Mr. Bowdich said the couple spent most of the four hours after the attack driving.

“A lot of zigzagging around, going back and forth on the highway, going up and down,” he said. “There is no rhyme or reason to it that we can find yet. Maybe that 18-minute gap closes that gap, maybe it doesn’t.”

Frankly, I’m more interested in why the FBI doesn’t have cell phone tracking data from this period, especially given that they clearly have it from after the 18 minute gap. I asked on Twitter today but none of the journalists who covered this presser seem to have asked that obvious question (though there seems to be a map indicating some kind of cell tracking).

If they shut off their phones or otherwise hid their tracks, it would suggest some importance to whatever they were doing in that 18 minute gap.

One thing the FBI didn’t say, nor any of the crack reports I saw covering the press conference, is that the 18 minute gap — from 12:59 p.m. to 1:17 — happens to coincide with a period when Farook’s now arrested buddy, Enrique Marquez, was not captured on his employers’ closed circuit video.

Screen Shot 2016-01-05 at 9.35.28 PM

Frankly, that’s not the most interesting possibility for the couple’s actions in that window (and I don’t know whether Marquez’ employer was in the geographical window where the couple may have been).

But as I noted, Marquez’ claims to have dissociated from Farook after they planned a terrorist attack in 2012 don’t accord with the fact that he fake-married Farook’s brother’s sister-in-law.

What a Social Media Check for Visas Would Require

There’s a bunch of fevered commentary arising out of the report that Tashfeen Malik, one of the perpetrators of the San Bernardino attack, espoused extremism on Facebook before she entered the country. Otherwise sane members of Congress are submitting legislation calling for the government to review social media before granting a visa.

Here’s why that’s dumb.

First, let’s look at whether the State Department really could have found Malik’s posting before granting her a K1 visa. As CNN reported, Malik hadn’t actually been plotting jihad in the open, as much of the reporting on this suggests.

Tashfeen Malik advocated jihad in messages on social media, but her comments were made under a pseudonym and with strict privacy settings that did not allow people outside a small group of friends to see them, U.S. law enforcement officials told CNN on Monday.

[snip]

The New York Times reported on Sunday that U.S. immigration officials conducted three background checks on Malik when she emigrated from Pakistan but allegedly did not uncover social media postings in which she said she supported violent jihad and wanted to be a part of it.

According to the law enforcement officials, because Malik used a pseudonym and privacy controls, her postings would not have been found even if U.S. authorities had reviewed social media as part of her visa application process.

A U.S. official told CNN shortly after the San Bernardino attack that the United States only recently began reviewing the social media activity of visa applicants from certain countries. The date that these types of reviews began is not clear, but it was after Malik was considered, the source said.

So to get to the posts in question, someone would have had to match her pseudonym to a known identifier of hers, access her private communication, and then translate it from Urdu.

The NSA (though not State) actually has the ability to do that. They’d probably find her pseudonym either the way the FBI reportedly did, by giving Facebook her known email which they’d find was tied to that account, or they’d stick known identifiers (including name, email, credit card with which she paid her visa fee) into a tool the NSA has for correlating identities.

This process would be helped, of course, if DHS’ online visa application system was working, because that would not only increase the chances you’d get a working email for the applicant, but it would also give you at least one IP address you could also correlate on. But the effort to do that has become the worst kind of boondoggle, with a billion dollars spent and just one online form working. So this whole process would be started with less certainty attached to any online identifier.

The NSA also has the ability to read private posts — on Facebook at least. Given that at the time Malik applied for her visa she was neither a US person (I’m still not certain whether she would have been treated as a US person just with a fiance visa, on application for a Green Card, or on receipt of one), nor in the country, NSA could have used PRISM (with the added benefit that it would provide a bunch more identities to check).

Of course, you’d also want to check non-US social media, like Telegram (which ISIS has reportedly been using) and Vkontakte (which the Tsarnaev brothers used). That’s going to be harder to do.

Finally, you’d have to translate any posts Malik wrote from Urdu to English. While an initial translation could be done by machine, to understand any subtleties of the posting, you’d need to get a human translator to do the work, and even for key languages like Urdu and Arabic, the government has far too few translators.

So you could do such a check, at least for US-based social media, but you’d have to involve the NSA.

Now consider the resource demands of doing this. There are upwards of 450,000 immigrant visas issued each year.  There are another 750,000 student and temporary work visas, both categories of which are closer to a typical terrorist profile than a fiance visa (that doesn’t include exchange visitors and a range of other kinds of work visas).

Last year, the government targeted 92,000 people under Section 702, which you’d have  to use to get just private (not encrypted) communications. So you’d have to do an order of magnitude more PRISM searches every year to thoroughly check the social media of just the most obvious visa applicants. You’d either have to vastly expand NSA’s workstaff — and require key social media providers, like Facebook, to do the same just to stay ahead of compliance requests — or you’d have to pull them off of investigating targets about which they have some reason to be interested already.

Of course, if you did that — if you passed a law requiring all immigrants and long term visa applicants to be checked — then you’d make it far easier for people to evade detection, because you’d be alerting the few people who’d want to evade detection that you would check their accounts. They could then move to social media, like Telegram, that the US would have a harder time checking, and encrypt their messages.

Moreover, you’d be making this great effort at a time when much more obvious problems (such as that online form!) haven’t been fixed. Most importantly, since 9/11, it has been a top priority to track the exits of short term visitors (including those people with visa waivers), and the government still hasn’t managed that yet. If you want to make America more safe, you’d be far better served finally fixing that problem than reading a million people’s secret social media posts.

NSA Propagandist John Schindler Suggests Boston Marathon Terrorist Attack Not “Major Jihadist Attack”

NSA propagandist John Schindler has used the San Bernardino attack as an opportunity to blame Edward Snowden for the spy world’s diminished effectiveness, again.

Perhaps the most interesting detail in his column is his claim that 80% of thwarted attacks come from an NSA SIGINT hit.

Something like eighty percent of disrupted terrorism cases in the United States begin with a SIGINT “hit” by NSA.

That’s mighty curious, given that defendants in these cases aren’t getting notice of such SIGINT hits, as required by law, as ACLU’s Patrick Toomey reminded just last week. Indeed, the claim is wholly inconsistent with the claims FBI made when it tried to claim the dragnet was effective after the Snowden leaks, and inconsistent with PCLOB’s findings that the FBI generally finds such intelligence on its own. Whatever. I’m sure the discrepancy is one Schindler will be able to explain to defense attorneys when they subpoena him to explain the claim.

Then there’s Schindler’s entirely illogical claim that the shut-down of the phone dragnet just days before the attack might have helped to prevent it.

The recent Congressionally-mandated halt on NSA holding phone call information, so-called metadata, has harmed counterterrorism, though to what extent remains unclear. FBI Director James Comey has stated, “We don’t know yet” whether the curtailing of NSA’s metadata program, which went into effect just days before the San Bernardino attack, would have made a difference. Anti-intelligence activists have predictably said it’s irrelevant, while some on the Right have made opposite claims. The latter have overstated their case but are closer to the truth.

As Mike Lee patiently got Jim Comey to admit last week, if the Section 215 phone dragnet (as opposed to the EO 12333 phone dragnet, which remains in place) was going to prevent this attack, it would have.

Schindler then made an error that obscures one of the many ways the new phone dragnet will be better suited to counterterrorism. Echoing a right wing complaint that the government doesn’t currently review social media accounts as part of the visa process, he claimed “Tashfeen Malik’s social media writings [supporting jihad] could have been easily found.” Yet at least according to ABC, it would not have been so easy. “Officials said that because Malik used a pseudonym in her online messages, it is not clear that her support for terror groups would have become known even if the U.S. conducted a full review of her online traffic.” [See update.] Indeed, authorities found the Facebook post where Malik claimed allegiance to ISIS by correlating her known email with her then unknown alias on Facebook. NSA’s new phone program, because it asks providers for “connections” as well as “contacts,” is far more likely to identify multiple identities that get linked by providers than the old program (though it is less likely to correlate burner identities via bulk analysis).

Really, though, whether or not the dragnet could have prevented San Bernardino which, as far as is evident, was carried out with no international coordination, is sort of a meaningless measure of NSA’s spying. To suggest you’re going to get useful SIGINT about a couple who, after all lived together and therefore didn’t need to use electronic communications devices to plot, is silliness. A number of recent terrorist attacks have been planned by family members, including one cell of the Paris attack and the Charlie Hebdo attack, and you’re far less likely to get SIGINT from people who live together.

Which brings me to the most amazing part of Schindler’s piece. He argues that Americans have developed a sense of security in recent years (he of course ignores right wing terrorism and other gun violence) because “the NSA-FBI combination had a near-perfect track record of cutting short major jihadist attacks on Americans at home since late 2001.” Here’s how he makes that claim.

Making matters worse, most Americans felt reasonably safe from the threat of domestic jihadism in recent years, despite repeated warnings about the rise of the Islamic State and terrible attacks like the recent mass-casualty atrocity in Paris. Although the November 2009 Fort Hood massacre, perpetrated by Army Major Nidal Hasan, killed thirteen, it happened within the confines of a military base and did not involve the general public.

Two months before that, authorities rolled up a major jihadist cell in the New York City area that was plotting complex attacks that would have rivalled the 2005 London 7/7 atrocity in scope and lethality. That plot was backed by Al-Qa’ida Central in Pakistan and might have changed the debate on terrorism in the United States, but it was happily halted before execution – “left of boom” as counterterrorism professionals put it.

Jumping from the 2009 attacks (and skipping the 2009 Undiebomb and 2010 Faisal Shahzad attempts) to the Paris attack allows him to suggest any failure to find recent plots derives from Snowden’s leaks, which first started in June 2013.

However, the effectiveness of the NSA-FBI counterterrorism team has begun to erode in the last couple years, thanks in no small part to the work of such journalists-cum-activists. Since June 2013, when the former NSA IT contactor [sic] Edward Snowden defected to Moscow, leaking the biggest trove of classified material in all intelligence history, American SIGINT has been subjected to unprecedented criticism and scrutiny.

There is, of course, one enormous thing missing from Schindler’s narrative of NSA perfection: the Boston Marathon attack, committed months before the first Snowden disclosures became public. Indeed, even though the NSA was bizarrely not included in a post-Marathon Inspector General review of how the brothers got missed, it turns out NSA did have intelligence on them (Tamerlan Tsarnaev was in international contact with known extremists and also downloaded AQAP’s Inspire magazine repeatedly). Only, that intelligence got missed, even with the multiple warnings from FSB about Tamerlan.

Perhaps Schindler thinks that Snowden retroactively caused the NSA to overlook the intelligence on Tamerlan Tsarnaev? Perhaps Schindler doesn’t consider an attack that killed 3 and injured 260 people a “major jihadist attack”?

It’s very confusing, because I thought the Boston attack was a major terrorist attack, but I guess right wing propagandists trying to score points out of tragedy can ignore such things if it will spoil their tale of perfection.

Update: LAT reports that Malik’s Facebook posts were also private, on top of being written under a pseudonym. Oh, and also in Urdu, a language the NSA has too few translators in. The NSA (but definitely not the State Department) does have the ability to 1) correlate IDs to identify pseudonyms, 2) require providers to turn over private messages — they could use PRISM and 3) translate Urdu to English. But this would be very resources intensive and as soon as State made it a visa requirement, anyone trying to could probably thwart the correlation process.

Obama’s Terrorism Cancer Speech, Carter’s Malaise Speech

The right wingers who insist on calling any attack by a Muslim “terrorism” — who insist on tying the San Bernardino attack to ISIS, even in the absence of evidence — do it to prioritize the fight against Islamic terrorists over all the other ills facing America: over other gun violence, over climate change, over the persistent economic struggles of most Americans. Theirs is a profoundly unpatriotic effort to put war over every other policy priority, even far more pressing ones. That stance has led to a disinvestment in America, with real consequences for everyone not getting rich off of arms sales.

Last week, President Obama capitulated to these forces, giving a speech designed to give the attack in San Bernardino precedence over all the other mass killings of late, to give its 14 dead victims more importance over all the other dead victims. Most strikingly, Obama called attacks that aren’t, legally, terrorism, something his critics have long been demanding.

It is this type of attack that we saw at Fort Hood in 2009; in Chattanooga earlier this year; and now in San Bernardino.

And he lectured Muslims to reject any interpretation of Islam that is “incompatible” with “religious tolerance.”

That does not mean denying the fact that an extremist ideology has spread within some Muslim communities. This is a real problem that Muslims must confront, without excuse. Muslim leaders here and around the globe have to continue working with us to decisively and unequivocally reject the hateful ideology that groups like ISIL and al Qaeda promote; to speak out against not just acts of violence, but also those interpretations of Islam that are incompatible with the values of religious tolerance, mutual respect, and human dignity.

Not only does this give too little credit for the condemnation Muslims have long voiced against terrorist attacks, but it holds Muslims to a standard Obama doesn’t demand from Christians spewing intolerance.

It was a horrible speech. But this line struck me.

I know that after so much war, many Americans are asking whether we are confronted by a cancer that has no immediate cure.

In context, it was about terrorism.

I know we see our kids in the faces of the young people killed in Paris. And I know that after so much war, many Americans are asking whether we are confronted by a cancer that has no immediate cure.

Well, here’s what I want you to know: The threat from terrorism is real, but we will overcome it

But, particularly coming as it did after invoking dead children, it shouldn’t have been. Aside from those whose own kids narrowly missed being in Paris, why should we see our kids in the faces of the young people killed in Paris, rather than in the faces of the young people killed in the Umpqua Community College attack or the over 60 people under the age of 25 shot in Chicago between the Paris attack and Obama’s speech? If we were to think of a cancer with no immediate cure, why wouldn’t we be thinking of the 20 6-year olds killed in Newtown?

We have a cancer, but it’s not terrorism. And it’s not just exhibited in all our shootings. It is equally exhibited in our growing addiction rates, in the increasing mortality in some groups. Obama gave the speech, surely, to quiet the calls from those who demand he address terrorism more aggressively than he address the underlying cancer.

Obama’s horrible, flatly delivered speech made me think — even as I was watching of it — of that far more famous malaise speech, delivered by Jimmy Carter, 36 years ago.

Carter’s malaise speech, after all, was offered at the moment so much of the current malaise, the cancer, started. Inflation-adjusted wages for the middle class had already peaked, 6 years earlier. That was the moment when the rich and the super-rich started running off with greater and greater portion of the benefits of America’s productivity.

Screen Shot 2015-12-12 at 11.56.08 AM

And the overthrow of our client dictator in Iran months earlier would set off our decades-long dance with Islamic extremists. Indeed, just 12 days before Carter delivered what would be dubbed the malaise speech, he authorized covert support for what would become the mujahadeen in Afghanistan. Our entanglement with the Saudis — and with it our refusal to ditch our oil addiction — has disastrously governed much of our foreign policy since, even while the petrodollar delayed the recognition that our economy isn’t working anymore, not for average Americans.

Carter correctly diagnosed his moment. After making an effort to hear from Americans from all walks of life, he recognized that people believed — correctly, we now know — that the future might bring decline, not progress.

The erosion of our confidence in the future is threatening to destroy the social and the political fabric of America.

The confidence that we have always had as a people is not simply some romantic dream or a proverb in a dusty book that we read just on the Fourth of July.

It is the idea which founded our nation and has guided our development as a people. Confidence in the future has supported everything else — public institutions and private enterprise, our own families, and the very Constitution of the United States. Confidence has defined our course and has served as a link between generations. We’ve always believed in something called progress. We’ve always had a faith that the days of our children would be better than our own.

Our people are losing that faith, not only in government itself but in the ability as citizens to serve as the ultimate rulers and shapers of our democracy. As a people we know our past and we are proud of it. Our progress has been part of the living history of America, even the world. We always believed that we were part of a great movement of humanity itself called democracy, involved in the search for freedom, and that belief has always strengthened us in our purpose. But just as we are losing our confidence in the future, we are also beginning to close the door on our past.

In a nation that was proud of hard work, strong families, close-knit communities, and our faith in God, too many of us now tend to worship self-indulgence and consumption. Human identity is no longer defined by what one does, but by what one owns. But we’ve discovered that owning things and consuming things does not satisfy our longing for meaning. We’ve learned that piling up material goods cannot fill the emptiness of lives which have no confidence or purpose.

The symptoms of this crisis of the American spirit are all around us. For the first time in the history of our country a majority of our people believe that the next five years will be worse than the past five years.

He saw the gap growing between Washington’s policy wonks and the people they purportedly served.

Looking for a way out of this crisis, our people have turned to the Federal government and found it isolated from the mainstream of our nation’s life. Washington, D.C., has become an island. The gap between our citizens and our government has never been so wide. The people are looking for honest answers, not easy answers; clear leadership, not false claims and evasiveness and politics as usual.

What you see too often in Washington and elsewhere around the country is a system of government that seems incapable of action. You see a Congress twisted and pulled in every direction by hundreds of well-financed and powerful special interests. You see every extreme position defended to the last vote, almost to the last breath by one unyielding group or another. You often see a balanced and a fair approach that demands sacrifice, a little sacrifice from everyone, abandoned like an orphan without support and without friends.

36 years ago, Carter saw that the nation was at a turning point, a moment where it could choose to continue down the path it was (and remains on) or come together again.

We are at a turning point in our history. There are two paths to choose. One is a path I’ve warned about tonight, the path that leads to fragmentation and self-interest. Down that road lies a mistaken idea of freedom, the right to grasp for ourselves some advantage over others. That path would be one of constant conflict between narrow interests ending in chaos and immobility. It is a certain route to failure.

All the traditions of our past, all the lessons of our heritage, all the promises of our future point to another path, the path of common purpose and the restoration of American values. That path leads to true freedom for our nation and ourselves. We can take the first steps down that path as we begin to solve our energy problem.

There are parts of Carter’s speech that grate, now. Given his singular focus on energy independence, he pushed hard for coal and shale oil exploitation. Carter’s endorsement of saying something nice about America dismisses the possibility some introspection about America’s mistakes was in order.

Moreover, some areas of strength, the areas where Carter believed America would endure, have not.

I do not mean our political and civil liberties. They will endure. And I do not refer to the outward strength of America, a nation that is at peace tonight everywhere in the world, with unmatched economic power and military might.

We still have unmatched military might and the largest economy, but that hasn’t brought us peace or respect for civil liberties. Instead, the monster Carter and his advisor Zbignew Brzezinski first unleashed led us to double down on our own malaise, one which led, after many years, to Obama’s cancer speech.

And while the initial response to the speech was quite positive, Carter squandered the value of the speech.

Obama was, in my opinion, wrong to capitulate to those who want to focus singularly on terrorism rather than on America’s problems more generally. Because both here and abroad, our failure to address the malaise Carter identified decades ago remains the more critical problem.

 

“Encryption” Is Just Intel Code for “Failure to Achieve Omniscience”

After receiving a briefing on the San Bernardino attack, Richard Burr went out and made two contradictory claims. First, Burr — and or other sources for The Hill — said that there was no evidence the Tashfeen Malik and Syed Rizwan Farook used encryption.

Lawmakers on Thursday said there was no evidence yet that the two suspected shooters used encryption to hide from authorities in the lead-up to last week’s San Bernardino, Calif., terror attack that killed 14 people.

“We don’t know whether it played a part in this attack,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.) told reporters following a closed-door briefing with federal officials on the shootings.

That’s consistent with what we know so far. After all, a husband and wife wouldn’t need to — or have a way of — encrypting their communications with each other, as it would be mostly face-to-face. The fact that they tried to destroy their devices (and apparently got rid of a still undiscovered hard drive) suggests they weren’t protecting that via encryption, but rather via physical destruction. That doesn’t rule out using both, but the FBI would presumably know if the devices they’re reconstructed were encrypted.

So it makes sense that the San Bernardino attacks did not use encryption.

But then later in the same discussion with reporters, Burr suggested Malik and Farook must have used encryption because the IC didn’t know about their attack.

Burr suggested it might have even played a role in the accused San Bernardino shooters — Tashfeen Malik and Syed Rizwan Farook — going unnoticed for years, despite the FBI saying they had been radicalized for some time.

“Any time you glean less information at the beginning, clearly encryption probably played a role in it,” he said. “And there were a lot of conversations that went on between these two individuals before [Malik] came to the United States that you would love to have some insight to other than after an attack took place.”

This is a remarkable comment!

After all, the FBI and NSA don’t even read all the conversations of foreigners, as Malik would still have legally been, that they can. Indeed, if these conversations were in Arabic or Urdu, the IC would only have had them translated if there were some reason to find them interesting. And even in spite of the pair’s early shooting training, it’s not apparent they had extensive conversations, particularly not online, to guide that training.

Those details would make it likely that the IC would have had no reason to be interested. To say nothing of the fact that ultimately “radicalization” is a state of mind, and thus far, NSA doesn’t have a way to decrypt thoughts.

But this is the second attack in a row, with Paris, where Burr and others have suggested that their lack of foreknowledge of the attack makes it probable the planners used encryption. Burr doesn’t even seem to be considering a number of other things, such as good operational security, languages, and metadata failures might lead the IC to miss warning signs, even assuming they’re collecting everything (there should have been no legal limits to their ability to collect on Malik).

We’re not having a debate about encryption anymore. We’re debating making the Internet less secure to excuse the IC’s less-than-perfect-omniscience.

Marco Rubio Leaks that the Phone Dragnet Has Expanded to “A Large Number of Companies”

Last night, Marco Rubio went on Fox News to try to fear-monger over the phone dragnet again.

He repeated the claim that the AP also idiotically parroted uncritically — that the government can only get three years of records for the culprits in the San Bernardino attack.

In the case of these individuals that conducted this attack, we cannot see any phone records for the first three years in which — you can only see them up to three years. You’ll not be able to see the full five-year picture.

Again, he’s ignoring the AT&T backbone records that cover virtually all of Syed Rizwan Farook’s 28-year life that are available, that 215 phone dragnet could never have covered Tashfeen Malik’s time in Pakistan and Saudi Arabia, and that EO 12333 collection not only would cover Malik’s time before she came to the US, but would also include Farook’s international calls going back well over 5 years.

So he’s either an idiot or he’s lying on that point.

I’m more interested in what he said before that, because he appears to have leaked a classified detail about the ongoing USA Freedom dragnet: that they’ve been issuing orders to a “large and significant number of companies” under the new dragnet.

There are large and significant number of companies that either said, we are not going to collect records at all, we’re not going to have any records if you come asking for them, or we’re only going to keep them on average of 18 months. When the intelligence community or law enforcement comes knocking and subpoenas those records, in many cases there won’t be any records because some of these companies already said they’re not going to hold these records. And the result is that we will not be able in many cases to put together the full puzzle, the full picture of some of these individuals.

Let me clear: I’m certain this fact, that the IC has been asking for records from “a large number of companies,” is classified. For a guy trying to run for President as an uber-hawk, leaking such details (especially in appearance where he calls cleared people who leak like Edward Snowden “traitors”) ought to be entirely disqualifying.

But that detail is not news to emptywheel readers. As I noted in my analysis of the Intelligence Authorization the House just passed, James Clapper would be required to do a report 30 days after the authorization passes telling Congress which “telecoms” aren’t holding your call records for 18 months.

Section 307: Requires DNI to report if telecoms aren’t hoarding your call records

This adds language doing what some versions of USA Freedom tried to requiring DNI to report on which “electronic communications service providers” aren’t hoarding your call records for at least 18 months. He will have to do a report after 30 days listing all that don’t (bizarrely, the bill doesn’t specify what size company this covers, which given the extent of ECSPs in this country could be daunting), and also report to Congress within 15 days if any of them stop hoarding your records.

That there would be so many companies included Clapper would need a list surprised me, a bit. When I analyzed the House Report on the bill, I predicted USAF would pull in anything that might be described as a “call.”

We have every reason to believe the CDR function covers all “calls,” whether telephony or Internet, unlike the existing dragnet. Thus, for better and worse, far more people will be exposed to chaining than under the existing dragnet. It will catch more potential terrorists, but also more innocent people. As a result, far more people will be sucked into the NSA’s maw, indefinitely, for exploitation under all its analytical functions. This raises the chances that an innocent person will get targeted as a false positive.

At the same time, I thought that the report’s usage of “phone company” might limit collection to the providers that had been included — AT&T, Verizon, and Sprint — plus whatever providers cell companies aren’t already using their backbone, as well as the big tech companies that by dint of being handset manufacturers, that is, “phone” companies, could be obligated to turn over messaging records — things like iMessage and Skype metadata.

Nope. According to uber-hawk who believes leakers are traitors Marco Rubio, a “large number” of companies are getting requests.

From that I assume that the IC is sending requests to the entire universe of providers laid out by Verizon Associate General Counsel Michael Woods in his testimony to SSCI in 2014:

Screen Shot 2015-12-08 at 1.17.27 AM

Woods describes Skype (as the application that carried 34% of international minutes in 2012), as well as applications like iMessage and smaller outlets of particular interest like Signal as well as conferencing apps.

So it appears the intelligence committees, because they’re morons who don’t understand technology (and ignored Woods) got themselves in a pickle, because they didn’t realize that if you want full coverage from all “phone” communication, you’re going to have to go well beyond even AT&T, Verizon, Sprint, Apple, Microsoft, and Google (all of which have compliance departments and the infrastructure to keep such records). They are going to try to obtain all the call records, from every little provider, whether or not they actually have the means with which to keep and comply with such requests. Some — Signal might be among them — simply aren’t going to keep records, which is what Rubio is complaining about.

That’s a daunting task — and I can see why Rubio, if he believes that’s what needs to happen, is flustered by it. But, of course, it has nothing to do with the end of the old gap-filled dragnet. Indeed, that daunting problem arises because the new program aspires to be more comprehensive.

In any case, I’m grateful Rubio has done us the favor of laying out precisely what gaps the IC is currently trying to fill, but hawks like Rubio will likely call him a traitor for doing so.

Why the AP’s Call Record Article Is So Stupid

Update, 12/8: After ignoring corrections on Saturday, letting their story be a key prop on the Sunday shows, having me write this post on Sunday, and then re-tweeting their story Monday morning, the AP has now fact checked the AP, effectively conceding I was right and they should have fixed their story before it became a propaganda tool. 

The AP engaged in willful propaganda yesterday, in what appears to be a planned cutout role for the Marco Rubio campaign. Rubio’s campaign immediately pointed to the article to make claims they know — or should, given that Rubio is on the Senate Intelligence Committee — to be false, relying on the AP article. That’s the A1 cutout method Dick Cheney used to make false claims about aluminum tubes to catastrophic effect back in 2002.

And because editor (and author of the article) Ted Bridis has ignored the multiple people pointing out the errors in the article, I’m going to take the effort to explain how stupid it is.

Here’s how it started:

Screen Shot 2015-12-06 at 2.17.54 PM

Notice how there’s no mention, in the headline or the lead, of the FBI? They’re the agency that will lead the investigation of the San Bernardino attack. That’s important because FBI has their own databases and the ability to obtain records from phone and Internet companies directly going forward (and already had, given reports from Facebook, before this article was written). The PCLOB report on the 215 phone dragnet showed that the FBI almost always accessed the information they otherwise might have gotten from the 215 dragnet via their own means. “[O]ur review suggests that the Section 215 program offers little unique value here, instead largely duplicating the FBI’s own information-gathering efforts.”

But the real problem with this utterly erroneous article is that it suggests the “US government” can’t get any records from NSA, which in turn suggests the only records of interest the NSA might have came from the Section 215 dragnet, which is of course nonsense. Not only does the NSA get far more records than what they got under Section 215 — that dragnet was, according to Richard Clarke, just a fraction of what NSA got, and according to NSA’s training, it was significantly redundant with EO 12333 collection on international calls to the US, which the NSA can collect with fewer limits as to format and share more freely with the FBI — but there are plenty of other places where the FBI can get records.

So the AP didn’t mention all the ways FBI gets records on its own, and it didn’t mention the larger NSA EO 12333 bulk collection that NSA can share more freely with FBI.

And Bridis, the author of this piece, knows it. Among the things he admitted in 140 character tweets to me was that the government also gets EO 12333 and FAA 702 information, and that his reference pertained to the Section 215 phone dragnet only.

Screen Shot 2015-12-06 at 1.54.35 PM

His article, mind you, was around 700 words long. But nowhere in that 700 word article did he make what he said in a 140-character tweet clear, that Section 215 was just one program among several from which NSA (to say nothing of FBI) gets records. From that, we can only assume the AP deliberately chose to mislead its readers.

And the AP continued to do so. In the 2nd paragraph, it again suggested all historical phone records in bulk were unavailable. It also failed to mention that query results from the old dragnet — meaning the call records of anyone the NSA has deemed interesting enough to query in the past, presumably including the “subjects” government sources say Syed Rizwan Farook had communicated with — will be available to the NSA and FBI going forward and probably would have already been shared (that was made clear by the FISC order Bridis cited in the article).  In the 3rd paragraph, AP suggested the only means to get phone records was under the new USA Freedom approach. In the 4th and 5th paragraph, AP chose to cite Jim Comey not providing details on an ongoing investigation rather than Comey’s testimony to Congress (or ODNI’s recent statement on the new program) that authorities will get more records under the new program.

It wasn’t until paragraph 7 before the AP finally got around to talking about what the AP claims the story was about: the coincidence of the shut down of the old program and the beginning of the new one. Before that point, of course, the propaganda had been done.

There are two other key misleading points in this ridiculous article. AP misstated how many years of records the FBI might be able to get, claiming it was just two, rather than 28 or more in the case of AT&T’s backbone, covering virtually the entire period during which the husband from the San Bernardino couple, Farook, presumably could speak. Even while doing so, Bridis made a remarkably ironic admission: that the 2 year period of phone records allegedly available covered the entire time Tashfeen Malik was in the US.

The period covered the entire time that the wife, Tashfeen Malik, lived in the United States, although her husband, Syed Farook, had been here much longer. She moved from Pakistan to the U.S. in July 2014 and married Farook the following month.

This means that to get records for the period when, it now appears, Malik embraced radical Islam, the NSA would have to rely on EO 12333 collection, because Section 215 only included records involving someone in the US. That is, at least as it pertains to Malik, all the records the AP wrote their story about would be useless.

There’s one other irony about this story. AP has been — both as an institution and through its NatSec beat reporter Ken Dilanian, who was credulously reporting the story even before he moved to AP — among the dead-enders for the misleading claim that the Section 215 dragnet only got 30% of the phone records in the US. So if the AP believes the AP’s still uncorrected reporting, it believes that the phone dragnet only captured 30% of the calls that might help explain the San Bernardino attack. As I noted, they chose not to mention the multiple official assertions that the new program will get more records than the NSA used to get. But if the AP believes the AP’s reporting, then the AP knows that from their past reporting. Given that fact, the AP’s story should be about how great it is that this attack happened after that old gap-ridden program got replaced by one that will pull a far more comprehensive picture of anyone 2 degrees away from Farook and Malik. But the AP didn’t mention that detail.

Why isn’t the AP willing to rely on the AP’s reporting?

Yes, Calling Only Muslims Terrorists Does Result in Disparate Treatment of Muslims

Over at Salon, I’ve got a piece addressing the things we call terror in this country that mostly argues, “In the wake of the Planned Parenthood attack, both the right and the left should redouble our commitment to distinguishing speech from murder.” But I also start by laying out how various mass killings get labeled as terrorism.

Commentary on the deadly mass shootings over the past week — last Friday’s at a Planned Parenthood in Colorado, and yesterday’s in San Bernardino, Calif. — has thus far has focused on whether the attacks were terroristic in nature.

Such a designation would suggest violence in support of political ends but also to a set of potential criminal charges. In both cases, there were at least initial reports the perpetrators tried to set off an explosive device, in Planned Parenthood shooter’s case a propane tank (though since initial reports, police have said nothing about whether this was his intent), in the alleged San Bernardino attackers’ case, several pipe bombs. If authorities do confirm these were bombs, both cases might be treated legally as domestic terrorism. Because of an asymmetry in our laws on terrorism and our collection of online communications, if the San Bernardino shooters can be shown to have been inspired by a foreign terrorist organization, like ISIS — as now appears to be the case — their attack would be treated as terrorism even without a bomb.

At Lawfare, former NSA attorney Susan Hennessey has a piece outlining at length much the same thing. If you want a detailed legal treatment of what I summarized in that Salon paragraph, written by an actual lawyer, hers is a decent piece to read.

But her piece is far more interesting as an artifact of a certain type of thinking, complete with some really important blind spots about how the law actually gets implemented. Those blind spots let Hennessey claim, falsely, that the different treatment of international and domestic terrorism does not result in disparate treatment for Muslims.

Hennessey lays out the law behind terrorism charges and argues (and I agree) that the distinction is mostly investigative.

The most consequential citation to the § 2331(5) domestic terrorism definition is in the Attorney General Guidelines for Domestic FBI Operations which authorizes the FBI to conduct “enterprise investigations” for the purpose of establishing the factual basis that reasonably indicates a group has or intends to commit an act of “domestic terrorism as defined in 18 U.S.C. § 2331(5) involving a violation of federal criminal law”:

[snip]

As a consequence, labeling an act one of “domestic terrorism” is most important in the context of investigations, and not ultimately indictments.

She claims it’s okay to treat domestic “ideologically-motivated mass shootings” (which is a great term) as murder because states have the capacity to investigate them.

We don’t want to have a general federal murder statute, and the states are perfectly capable of prosecuting murders of American citizens within their borders, even those that are motivated by politics.

[snip]

States have no lack of capacity to investigate shootings, no lack of authorities to prosecute them, and mass shooters have tended to be very local in the past.

Of course, interest in investigating is very different from capacity to. And for many forms of right wing terrorism — the targeting of minorities and health clinics — there has been local disinterest in investigating the networks behind them. That problem has been addressed in both cases, though not by making these crimes terrorism, but rather by creating “hate crime” and Freedom of Access to Clinic Entrances laws that can give the Feds jurisdiction. But that jurisdiction does not, then, get those crimes that require Federal investigation or prosecution because localities are disinterested treated as terrorism crimes, especially not prospectively. That means the FBI will be bureaucratically less focused on and less rewarded for the investigation of them, and they’ll more often intervene after an attack than before, to prevent it. That bureaucratic focus shows up in Congressional tracking of terrorism cases and White House focus on them, which is another way of saying FBI’s bosses and purse-strings pay closer attention to the stuff that gets charged as terrorism.

Hennessey claims this doesn’t result in any disparate treatment of Muslims. To prove that there is no disparity arising out of the limitation of domestic terrorism mostly to crimes involving bombs, she lays out a list of Muslims who killed using guns that didn’t get charged with terrorism. Here’s just part of her discussion (in the later part, she presumes attackers who died would not have been charged as terrorists).

By and large, violent extremists of all stripes who use bombs are prosecuted as terrorists, while violent extremists of all stripes who use guns get prosecuted as simple murderers. Consider Nidal Hassan, the Fort Hood shooter who professed an agenda of radical Islam, yet was prosecuted by the military for simple murder. Despite overwhelming calls to categorize the act as terrorism, the Pentagon treated it as an act of workplace violence. Shortly before the Fort Hood shooting in 2009, Abdulhakim Mujahid Muhammad killed two soldiers in front of a Little Rock, Arkansas recruiting station. Following the shooting, Muhammad expressed to investigators allegiance to al Qaeda in the Arabian Peninsula. Yet he was prosecuted by the state of Arkansas and ultimately pled guilty to capital murder charges, not terrorism. The most dramatic example may be that of Mir Aimal Kasi who, in 1993, shot two CIA employees dead outside the agency’s entrance in Langley, Virginia. Kasi’s stated motive was anger over the US treatment of people in the Middle East, particularly Palestinians. He fled to Pakistan, and following a four-year international manhunt and joint CIA-FBI capture operation in Pakistan, he was rendered back to the United States. How was he charged? Not with terrorism. Kasi was convicted by the state of Virginia on capital murder charges and executed in 2002.

But, even ignoring how she presumes certain charging decisions had some attackers not died, this is not enough to prove her claim. To prove it, she’d also have to prove that non-Muslims who use bombs in “ideologically-motivated” killings do get charged as terrorists, and that the ability to charge domestic crimes using bombs is not used by FBI to create terrorism prosecutions. With a few notable exceptions, those things aren’t true.

There are a number of cases of right wingers who could have gotten charged with a terrorist WMD charge but didn’t. Most notably, there’s Eric Rudolph — who not only serially bombed abortion clinics but bombed the Atlanta Olympics, then escaped across state lines. He was charged with explosives charges but not given a terrorism enhancement (he is serving multiple life sentences in any case). Indeed, his indictment — signed by current Deputy Attorney General Sally Quillian Yates when she was an AUSA — did not once call the series of bombings and threats Rudolph carried out terrorism, even though bombing the Olympics is a quintessential example of terrorism.

Then there’s another Sally Yates case (this time as US Attorney), the Waffle House plot, in which four geriatric right wingers plotted to use weapons and ricin dropped from a plane to overthrow the federal government. They actually bought what they thought was explosives from the FBI, but did not get charged with terrorism for either the ricin or the presumed explosives.

There’s Schaffer Cox, who got busted for conspiring to kill federal authorities; he talked about using grenades but did not get charged with a WMD count. There’s Benjamin Kuzelka, the guy with Nazi propaganda trying to make TATP. There’s William Krar, the white supremacist caught with massive explosives who eventually pled to one chemical weapons charge, but without exposing what was presumed to be a broader network.

Meanwhile, there are just three cases I know of where non-Muslims did get charged with bomb-related terrorism charges — and to some degree, these exceptions prove the rule (I’m not treating ACTA “animal terrorism” cases, which introduce another order of magnitude of absurdity into the issue).

There is the Spokane MLK bomber Kevin Harpham, whose sophisticated bomb got found before it went off.  Harpham’s plea deal retained a terrorism WMD charge, but his sentence was lighter than similarly situated Muslim terrorists.

There is the Hutaree group charged on multiple counts of trying to overthrow the government, including with bombs. The terrorism related charges against the Hutaree were thrown out entirely (in part because they were charged badly), and most of the 9 of them went free.

The only case I know of that is parallel to the way many Muslims get treated is that of the Occupy Cleveland participants whose discussion of vandalism got inflamed — and focused on a target that might merit federal charges — by an informant who also plied them with jobs and other enticements. After pressing buttons they thought would detonate a bomb, they got charged as terrorists.  The judge thought the punishments requested by the government “grotesque” and sentenced them much more lightly (though still to upwards from 6 years).

I say the Occupy Cleveland case is parallel because for the overwhelming number of cases charged as Islamic terrorism, the FBI supplies the bomb and often picks the target for a “wayward knucklehead” who then gets charged with terrorism (though judges almost never consider those charges “grotesque”). There were hundreds of them already by 2011. Often, the target would have not had the ability — in terms of money, experience, and other resources — to conduct the “bomb” plot by himself. So when Hennessey justifies charging bomb but not gun crimes as terrorism because “bombers tend to be more organized in interstate groups,” what she really means is that the FBI is an organized interstate group, because that’s the organizing force that provides the expertise in the overwhelming majority of terrorism cases.

Which brings me to the most alarming claim that Hennessey makes, in the midst of an argument that the civil liberties cost of treating domestic terrorism like international terrorism is too high: that what she calls “complex legal obligations” on using “incidental” collection reflects heightened privacy concerns.

The complex legal obligations generated by incidental or intentional focus on US persons reflects the heightened privacy and civil liberties concerns at stake when we use foreign intelligence tools domestically. And rightly so, as the process of investigating and prosecuting domestic terrorists and homegrown violent extremists risks infringing into areas of constitutionally protected speech, religion, and association.

To be fair, she was an NSA lawyer, not an FBI lawyer, which is why I consider this surprising claim a “blind spot.” The NSA does have to treat incidentally US person data carefully; they actually do very few back door searches of incidentally collected data.

But many (if not most) counterterrorism targets collected under Section 702 and all traditional FISA ones get shared directly with the FBI. And the FBI can access and use the incidentally collected data not only for formal investigations, but also for assessments, such as called in tips or even just to find stuff to use to coerce people to turn informant. For incidentally collected US person data that resides in FBI’s databases, in other words, there are no complex legal obligations on incidental collection. None. It just sits there for 30 years at potential risk of contributing to a prosecution. And that’s a big source of the stings the FBI starts, when it throws an informant at some kid downloading Inspire or talking in a chat room to try to take them off the street by inventing a bomb plot.

Update: In her response to this piece, Hennessey makes it clear she believes this passage is wrong–and with respect to whether unreviewed data sits in FBI servers for 30 years, it is; with respect to how much CT data FBI gets directly it may be. But as to its accessibility, per the PCLOB report on 702, it is not. So I’m replacing this paragraph with this language from PCLOB.

Because they are not identified as such in FBI systems, the FBI does not track the number of queries using U.S. person identifiers. The number of such queries, however, is substantial for two reasons.

First, the FBI stores electronic data obtained from traditional FISA electronic surveillance and physical searches, which often target U.S. persons, in the same repositories as the FBI stores Section 702–acquired data, which cannot be acquired through the intentional targeting of U.S. persons. As such, FBI agents and analysts who query data using the identifiers of their U.S. person traditional FISA targets will also simultaneously query Section 702–acquired data.

Second, whenever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702– acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts. In the case of an assessment, an assessment may be initiated “to detect, obtain information about, or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence information.”

[snip]

Section 702–acquired communications that have not been reviewed must be aged off FBI systems no later than five years after the expiration of the Section 702 certifications under which the data was acquired.

So if conducting network investigations of “domestic terrorists and homegrown violent extremists risks infringing into areas of constitutionally protected speech, religion, and association,” — and I absolutely agree it does — then it does for Muslims as well, except that because we’ve made the terrorism Muslims might engage in a different category of collection and thrown billions of dollars at it, they’re not accorded that protection.

Finally, there’s one other problem with the assumption that international terrorism requires enterprise investigations but domestic terrorism doesn’t (that’s not actually what happens; FBI does do enterprise investigations of domestic terrorism, just with a different focus and different SIGINT tools). People get killed as a result.

Consider Kevin Harpham’s case, the MLK bomber. The government used the correspondence Harpham had while in jail with known white supremacist Frazier Glenn Miller (who was, I believe, then in North Carolina but would move to Kansas) to call for an enhanced sentence. Miller’s offer to raise money for Harpham might have been evidence of an interstate network worth tracking. But the FBI appears not to have done so, though, given that Miller went on to murder three people he believed (wrongly) to be Jewish two years later. Miller got charged at the state level and will be executed.

Similarly, supporters of the militant anti-choice group Army of God have corresponded with people who had been previously convicted for attacks before attacking others (in addition to publishing Rudolph’s memoir), and George Tiller’s murderer, Scott Roeder, has issued threats while talking with Army of God supporters from prison as recently as two years ago. These things have happened across state boundaries, so would be tougher to investigate at the local level. Like ISIS or AQAP, Army of God makes how-to materials available to its supporters.

Indeed, the way in which Army of God fans have networked is particularly important given this claim from Hennessey:

[With the Planned Parenthood attack], there is no apparent evidence that the perpetrator was acting as part of a larger group, and thus no need for the federal government to pursue an enterprise investigation.

I presume she isn’t privy to the evidence discovered so far, so in fact has no basis to say this. But even the public reporting poses good reason to look for such connections. Six years ago, Dear considered the Army of God to be heroes for their actions.

In 2009, said the person, who spoke on the condition of anonymity out of concerns for the privacy of the family, Mr. Dear described as “heroes” members of the Army of God, a loosely organized group of anti-abortion extremists that has claimed responsibility for a number of killings and bombings.

As ISIS did with the San Bernardino attack, the Army of God hailed the Planned Parenthood attack.

 Robert Lewis Dear aside, Planned Parenthood murders helpless preborn children. These murderous pigs at Planned Parenthood are babykillers and they reap what they sow. In this case, Planned Parenthood selling of aborted baby parts came back to bite them.

Dear was very active online, so it is not unreasonable to wonder whether he had reached out in the interim period to the group or consulted their how-to resources. But you’re not going to find those ties unless you look for them, and series of localized murder trials are far less likely to do that than an FBI enterprise investigation.

The FBI doesn’t entirely ignore attacks on reproductive health clinics. Indeed, it issued a threat assessment predicting increased targeting of clinics in September. Would a more focused enterprise investigation into Army of God before the Planned Parenthood attack have prevented it?

Frankly, as Hennessey says, there’s a balancing of civil liberties that goes on. And it may be that the number of deaths we suffer from non-Islamic “ideologically-motivated mass shootings” hits that sweet spot of the number of deaths we’ll tolerate given the risks to civil liberties (or — as I argued at Salon — it may be that because we suffer so many non-Islamic “ideologically-motivated mass shootings” and non-Ideological mass shootings, we need to develop another approach to combat them).

But under the current system, the victims of Islamic “ideologically-motivated mass shootings” are treated as more important deaths than all the others (which almost certainly inflates the import of them and thereby feeds more terror). All American mass deaths, ideologically-motivated, Islamic or not, deserve the same access to justice (or chance of prevention). And all Americans, whether they worship in a church or a mosque or a library, deserve the same protection for their First Amendment rights.

Update: As I noted above, Hennessey has replied to my piece. She expands on this sentence:

It is also the case that Muslim populations have been disproportionately impacted by foreign-specific material support laws.

To this discussion, to make it far, far more clear that she recognizes there is a difference.

In fact, I actually do believe that Muslims are disparately impacted by terrorism laws. Indeed, in my piece I make this point expressly with respect to material support laws. Furthermore, whatever the legal distinctions between homegrown violent terrorists and domestic terrorists—domestic actors with no contact with foreign groups who may or may not be inspired by foreign terrorist ideology—the law certainly applies dramatically different consequences to foreign terrorist organizations and international terrorists who commit crimes in coordination with those organizations. The FBI can pose as Al Qaeda or ISIS operatives and trick a homegrown violent extremist into becoming an international terrorist based on contact with wholly fictitious terrorists. Walk that out to include crimes of attempt and material support, as Wheeler notes, and the disparate application is reflected in the prosecution numbers.

She then shows the results of her research to find several more white people charged as terrorists (notably McVeigh; I don’t contest that if we go back far enough in time before 9/11 we could find loads of white people charged as terrorists, and rightly so).

But her treatment of Rudolph reinforces my point.

Rudolph is a puzzling case, because the government declined to even indict on terrorism charges that would seem to have been clearly available. But while Rudolph was not charged as a terrorists, federal authorities had long publically referred to him as just that. In a statement following Rudolph’s arrest then Attorney General John Ashcroft called Rudolph’s crimes “terrorist attacks” outright.

First, the fact that Ashcroft calls Rudolph’s attacks terrorist attacks, but does not call him a terrorist, precisely stops short of calling a white man a terrorist. More importantly, Hennessey has spent two articles talking about terrorism being a legal distinction, specifically backing off what people get called.

There is an element of truth to this as a matter of media vocabulary, and certainly there are those in right-wing corners of the media who are quick to call terrorism any act of violence perpetrated by someone from an Arab or Muslim country.

But if we’re going to measure what people get called, then her gun/bomb distinction breaks down. Because many of the Muslims attacking with guns get called terrorists by the Feds (though they generally did not with Nidal Hasan, which adds the element of military targeting).

And all of this comes back to her initial point, with which I agree: this is about investigation. And the reality is, regardless of what it called him, the government treated Rudolph (and Harpham) as a lone wolf, not as a person in the network that he was in. One reason fewer white ideological terrorists get charged with terrorism is because until you do that investigation, you may not find the network, especially since the chances it will be sitting in an FBI server are much lower because of the different standards for collecting data. And, in the case of Frazier Glenn Miller, you may not prevent deaths you might have.

The FBI has dedicated 400 people to investigating what motivated the San Bernardino attackers because it is clear they were radicalized but their actual ties to foreign terrorists are not yet. That’s a focus on identifying foreign and US-based networks that rarely happens with white ideological violence, and as a result it doesn’t get approached systematically.

Correlations on Facebook Probably Key to ISIS Claim in San Bernardino

Authorities investigating the San Bernardino killing just told all the press that they found a posting from the wife in the attack, Tashfeen Malik, pledging allegiance to ISIS’s Abu Bakr al-Baghdadi. CNN’s report included the following interesting details:

Investigators think that as the San Bernardino, California, attack was happening, female shooter Tashfeen Malik posted a pledge of allegiance to ISIS leader Abu Bakr al-Baghdadi on Facebook, three U.S. officials familiar with the investigation told CNN.

Malik’s post was made on an account with a different name, one U.S. official said. The officials did not explain how they knew Malik made the post.

What this implies is that the FBI found this pledge by correlating the name under which she made it with her known identity as Tashfeen Malik.

At first, I assumed they did with this IP addresses (and that’s definitely possible).

But given the way they haven’t been releasing as many pictures of her, I wonder whether it wasn’t, instead, done via Facebook’s facial recognition technology, working first off her face and then backwards to her devices?

In any case, I have little reason to doubt this is a sound correlation. What I do find interesting is, after gagging Nicholas Merrill for 11 years to avoid revealing how they use such requests to correlate all of a person’s identities, they’ve hinted at that ability here almost immediately, presumably because there’s such a demand for answers (and, in reality, for some way to tag this as Islamic terrorism).

Update: On reflection, I think it virtually impossible Facebook correlated these accounts using facial recognition, because there are almost no public pictures of Malik (I’ve seen thus far reported).